New AWS Services
TRANSCRIPT
![Page 1: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/1.jpg)
New AWS Services
AWS Phoenix Meetup
Josh Padnick, Gruntwork, Monday, August 29, 2016
![Page 2: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/2.jpg)
![Page 3: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/3.jpg)
Today’s talk is about three recent updates in AWS:
‣ Application Load Balancer (ALB)
‣ EC2 Container Service (ECS)
‣ Kinesis Analytics
![Page 4: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/4.jpg)
For each service, we’ll discuss…
‣ The big idea
‣ What’s new
‣ Examples
![Page 5: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/5.jpg)
Intended Audience
Executives Developers
![Page 6: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/6.jpg)
We’ll start simple. But we’ll get progressively more technical. At a certain point, we’ll dive deep into the technical nuances of the topic. In such cases, look for the Nerd Alert ribbon.
Nerd Alert
![Page 7: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/7.jpg)
Hi, I’m Josh Padnick.
‣ Published A Comprehensive Guide to Building a Scalable Web App on AWS. Received 500+ up votes on Hacker News.
‣ Consulted on DevOps & AWS with ~25 companies worldwide including Intel and Infusionsoft.
‣ Full-stack engineer for 10+ years
‣ Co-founder at Gruntwork.
![Page 8: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/8.jpg)
‣ We setup software teams on AWS with DevOps best practices and world-class infrastructure.
‣ But we do it in about 2 weeks!
‣ The secret sauce is we offer battle-tested, pre-written “Infrastructure Packages” for common AWS needs.
‣ Plus consulting & support as needed.
http://gruntwork.io
I work at Gruntwork.
![Page 9: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/9.jpg)
Application Load Balancer (ALB)
![Page 10: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/10.jpg)
Let’s start by talking about the generic concept of a Load Balancer.
![Page 11: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/11.jpg)
The Big Idea
Hi, I’m an EC2 Instance!
My App
![Page 12: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/12.jpg)
The Big Idea
With a single VM, users can connect directly to the VM.
![Page 13: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/13.jpg)
The Big Idea
But if that VM fails, our entire service goes down.
![Page 14: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/14.jpg)
The Big Idea
With multiple VMs, we gain High Availability (HA)!
![Page 15: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/15.jpg)
The Big Idea
If one VM goes down, we can just serve traffic from the other.
![Page 16: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/16.jpg)
The Big Idea
But how do we route requests to more than one VM?
![Page 17: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/17.jpg)
The Big Idea
We use a Load Balancer. This is sometimes called a Reverse Proxy.
Load Balancer
![Page 18: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/18.jpg)
The Big Idea
There are a few properties we want out of this load balancer:
![Page 19: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/19.jpg)
The Big Idea
There are a few properties we want out of this generic load balancer:
‣ It should itself be HA!
‣ It should elastically scale as we get more traffic.
‣ It should do a Health Check on each VM.
![Page 20: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/20.jpg)
The Big Idea
Keep going…
‣ It should support the latest protocols (TCP, UDP, HTTP(S) 1.1, HTTP/2, WebSockets).
‣ It should log all requests.
‣ It should emit helpful metrics.
![Page 21: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/21.jpg)
The Big Idea
Keep going…
‣ It should allow routing a single user to the same VM, but spread different users across different VMs (sticky sessions).
‣ It should route a request for /apples to one set of VMs and /oranges to another (path-based routing).
![Page 22: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/22.jpg)
The Big Idea
Keep going…
‣ It should have first-class support for routing to Docker containers in EC2 Container Service (ECS)
‣ Route to an app running in a container, not just to a VM.
‣ Route to multiple different containers on the same VM.
‣ Know about new containers when I launch them (service discovery).
Nerd Alert
![Page 23: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/23.jpg)
In 2012, Amazon released the Elastic Load Balancer.
Elastic Load Balancer (ELB)
![Page 24: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/24.jpg)
Nerd Alert
Old ELB was a Layer 4 Load Balancer
Open Systems Interconnection (OSI) Network Model:
‣ 1 / 2: Physical / Data Link
‣ 3: Network (IP, ICMP)
‣ 4: Transport (TCP, UDP)
‣ 5: Session
‣ 6: Presentation (TLS)
‣ 7: Application (HTTP, FTP, DNS, SSH)
(Strictly, the Classic ELB also offers HTTP and HTTPS listeners, but it makes no routing decisions based on the content of the HTTP request, which is the point here.)
![Page 25: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/25.jpg)
But there’s a problem…
‣ Helpful metrics like “Sum HTTP 5XX errors” only apply to HTTP traffic.
‣ Path-based routing requires inspecting the HTTP traffic.
Some of our feature asks are HTTP-specific.
![Page 26: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/26.jpg)
But there’s a problem…
‣ Route to more than one port on the same VM
Some of our feature asks are DOCKER-specific.
![Page 27: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/27.jpg)
So AWS has released the new Application Load Balancer (ALB).
![Page 28: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/28.jpg)
So AWS has released the new Application Load Balancer (ALB).
An updated load balancer opinionated towards:
‣ modern apps built with HTTP
‣ Docker
![Page 29: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/29.jpg)
Updated Terminology
“Elastic Load Balancing” is now the umbrella name for two load balancer types:
‣ Application Load Balancer (ALB)
‣ Classic Load Balancer (sometimes called “ELB”)
![Page 30: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/30.jpg)
Nerd Alert
ALB is a Layer 7 Load Balancer
Open Systems Interconnection (OSI) Network Model:
‣ 1 / 2: Physical / Data Link
‣ 3: Network (IP, ICMP)
‣ 4: Transport (TCP, UDP)
‣ 5: Session
‣ 6: Presentation (TLS)
‣ 7: Application (HTTP, FTP, DNS, SSH)
![Page 31: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/31.jpg)
Nerd Alert
ALB is a Layer 7 Load Balancer
Translation:
‣ The ALB inspects HTTP traffic and makes routing decisions based on this.
‣ But the ALB doesn’t do OSI Layer 4 forwarding, so no raw TCP or UDP forwarding: every listener is HTTP or HTTPS, and an HTTPS listener terminates TLS at the ALB.
![Page 32: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/32.jpg)
New features in the ALB
![Page 33: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/33.jpg)
Support for HTTP/2
‣ Did you know HTTP 1.1 came out in 1999, when this was what the Web looked like?
![Page 34: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/34.jpg)
Support for HTTP/2
‣ The web of 2016 is different than the web of 1999:
![Page 35: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/35.jpg)
HTTP/2 Benefits
‣ Compresses headers (HPACK), so repeated headers and cookies are not re-sent in full on every request.
‣ Encodes all data in binary versus a textual format.
‣ Transmits all data over a single, multiplexed TCP connection versus multiple blocking connections in HTTP/1.1.
Nerd Alert
![Page 36: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/36.jpg)
Your Backend App Can Still Speak HTTP/1.1
Nerd Alert
The ALB speaks HTTP/2 to the client and HTTP/1.x to your targets.
Note that HTTP/2 requires that you use HTTPS on the ALB: HTTP/2 is negotiated during the TLS handshake (ALPN), so you need an HTTPS listener with a certificate, and TLS terminates at the ALB.
![Page 37: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/37.jpg)
All modern browsers support HTTP/2
Nerd Alert
SOURCE: http://caniuse.com/#search=http2
![Page 38: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/38.jpg)
Support for WebSockets
‣ A long-time ask for ELBs has been WebSocket support. ALBs now support this!
Nerd Alert
(Diagram: a ws:// connection from the client through the ALB to the target. Behind an HTTPS listener the client uses wss://.)
![Page 39: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/39.jpg)
Content-Based Routing
‣ Route /blue to one service.
‣ Route /green to another service.
‣ Previously, this required two load balancers. Now, it requires just one!
![Page 40: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/40.jpg)
Content-Based Routing
‣ LIMITATION
‣ We don’t get path rewriting.
‣ So you can’t send /blue to /hello/blue unless your backend app handles that.
Nerd Alert
![Page 41: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/41.jpg)
New Concepts in Elastic Load Balancing
‣ Target Groups
The Classic Load Balancer includes as part of its configuration which EC2 Instances it will route to.
![Page 42: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/42.jpg)
New Concepts in Elastic Load Balancing
‣ Target Groups
With ALBs, the concept of Load Balancer is separated from the concept of Target EC2 Instances: one ALB points at one or more Target Groups.
![Page 43: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/43.jpg)
New Concepts in Elastic Load Balancing
‣ Target Groups
Our ALB needs a list of “targets” where it can send traffic. We’ll group all such targets into a Target Group. (Diagram: an empty Target Group.)
![Page 44: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/44.jpg)
New Concepts in Elastic Load Balancing
‣ Target Groups
Let’s add one Target: i-123, port 8000.
Notice we have both an instance id and a port number.
![Page 45: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/45.jpg)
New Concepts in Elastic Load Balancing
‣ Target Groups
Let’s add a second Target: i-123, port 8001.
This target has the same instance id but a different port number.
![Page 46: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/46.jpg)
New Concepts in Elastic Load Balancing
‣ Target Groups
Let’s add a third Target: i-789, port 3034.
The Target Group now holds i-123:8000, i-123:8001 and i-789:3034.
![Page 47: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/47.jpg)
New Concepts in Elastic Load Balancing
‣ Target Groups
Our ALB will send traffic to any Healthy Target in the Target Group (i-123:8000, i-123:8001, i-789:3034).
![Page 48: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/48.jpg)
New Concepts in Elastic Load Balancing
‣ Target Groups
Note that the Classic ELB does not use a Target Group and can only send to the same port on different EC2 Instances (e.g. i-123:8000 and i-789:8000).
![Page 49: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/49.jpg)
New Concepts in Elastic Load Balancing
‣ Target Groups
The big takeaway is you can group your (micro)services into Target Groups, even if multiple target groups include the same EC2 Instance! (Diagram: the Service A and Service B Target Groups both span i-123, i-456 and i-789.)
Nerd Alert
![Page 50: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/50.jpg)
Content-Based Routing
‣ Route /blue to one Target Group.
‣ Route /green to another service Target Group.
‣ Previously, this required two load balancers. Now, it requires just one!
![Page 51: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/51.jpg)
Support for Container-Based Apps
‣ We often want to run the same Docker image on the same EC2 Instance on different ports.
‣ Target Groups mean the ALB can route to two different ports on the same server!
‣ This also means we can dynamically select our container ports in an EC2 Container Service Cluster!
Nerd Alert
![Page 52: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/52.jpg)
Nerd Alert
Support for Container-Based Apps
(Diagram: containers on one ECS Instance listening on dynamically assigned host ports 8523, 8000, 4738 and 8713, each registered as its own target.)
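The listener, path rules and target groups described above, as an added example (not code from the deck or from AWS): a small Python model of how an ALB decides where a request goes. Instance ids, ports, paths and rule priorities are made up; the deck's i-123:8000 / i-123:8001 / i-789:3034 group is reused.

```python
"""Added example (not code from the deck or from AWS): a small Python model
of how an ALB listener, its path-based rules and its target groups fit
together.  Instance ids, ports, paths and rule priorities are made up."""
import fnmatch
from collections import namedtuple

# A target is an (instance, port) pair.  The same instance may appear more
# than once on different ports, which a Classic ELB listener cannot express.
Target = namedtuple("Target", "instance_id port healthy")


class TargetGroup:
    """A named set of targets; traffic only goes to targets passing the health check."""

    def __init__(self, name, targets):
        self.name = name
        self.targets = list(targets)
        self._next = 0

    def healthy(self):
        return [t for t in self.targets if t.healthy]

    def pick(self):
        """Round-robin over healthy targets; None when none is healthy
        (a real ALB answers 503 in that case)."""
        live = self.healthy()
        if not live:
            return None
        target = live[self._next % len(live)]
        self._next += 1
        return target


class Listener:
    """Rules are tried in ascending priority; the first matching path pattern
    wins and the default rule catches everything else.  ALB path patterns are
    case-sensitive, use '*' (zero or more characters) and '?' (exactly one
    character), and are matched against the path only, never the query
    string; fnmatchcase gives the same semantics for these inputs."""

    def __init__(self, default_group):
        self.default_group = default_group
        self.rules = []  # (priority, [path_pattern, ...], target_group)

    def add_rule(self, priority, path_patterns, target_group):
        if any(p == priority for p, _, _ in self.rules):
            raise ValueError(f"priority {priority} already in use")
        self.rules.append((priority, list(path_patterns), target_group))
        self.rules.sort(key=lambda rule: rule[0])

    def route(self, path):
        """Return (target_group, forwarded_path).  The path is forwarded
        unchanged: the ALB does no rewriting, so /blue/x arrives as /blue/x."""
        for _priority, patterns, group in self.rules:
            if any(fnmatch.fnmatchcase(path, pat) for pat in patterns):
                return group, path
        return self.default_group, path


def build_demo():
    """The deck's target group (three targets, two of them on i-123) plus a
    second service and a catch-all group, all behind one listener."""
    blue = TargetGroup("blue", [
        Target("i-123", 8000, True),
        Target("i-123", 8001, False),   # failing its health check
        Target("i-789", 3034, True),
    ])
    green = TargetGroup("green", [Target("i-456", 9000, True)])
    default = TargetGroup("default", [Target("i-456", 8080, True)])
    listener = Listener(default_group=default)
    # "/blue/*" alone would not match "/blue"; "/blue*" would also match "/bluefish".
    listener.add_rule(10, ["/blue", "/blue/*"], blue)
    listener.add_rule(20, ["/green", "/green/*"], green)
    return listener, blue, green, default


def routing_decisions(paths):
    """Map each request path to (target group name, forwarded path)."""
    listener, *_ = build_demo()
    decisions = {}
    for path in paths:
        group, forwarded = listener.route(path)
        decisions[path] = (group.name, forwarded)
    return decisions


def targets_hit(n):
    """The (instance, port) pairs that n consecutive requests to 'blue' land on;
    the unhealthy i-123:8001 never appears."""
    _listener, blue, *_ = build_demo()
    return [(t.instance_id, t.port) for t in (blue.pick() for _ in range(n))]


if __name__ == "__main__":
    print(routing_decisions(["/blue", "/blue/api", "/green/v1", "/Blue", "/"]))
    print(targets_hit(4))
```

Two things the model makes visible: matching is on the raw, case-sensitive path, so /Blue falls through to the default group rather than to the blue service; and the path reaches the target untouched. Listener rules are a routing convenience, not an authorization boundary; the backend still has to enforce who may call what.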
![Page 53: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/53.jpg)
Target Group metrics.
‣ We get CloudWatch Metrics on Target Groups.
‣ This is a nice way to get metrics specific to a service.
Nerd Alert
![Page 54: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/54.jpg)
Better metrics.
‣ Many new metrics on the ALB!
Nerd Alert
‣ ClientTLSNegotiationErrorCount (a spike means clients are failing the TLS handshake, e.g. because your security policy rejects their protocol or cipher, or because someone is probing the listener)
‣ TargetTLSNegotiationErrorCount
‣ TargetConnectionErrorCount
‣ TargetResponseTime
‣ NewConnectionCount
‣ ActiveConnectionCount
‣ RejectedConnectionCount (connections dropped because the load balancer reached its maximum connection count)
‣ ProcessedBytes
![Page 55: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/55.jpg)
Other Cool Features
‣ Load-balancer generated sticky-session cookies (client must support cookies). The ALB sets its own opaque cookie (AWSALB) to pin a client to a target; treat it as routing state, not as an authentication or session token.
‣ Slightly less expensive.
‣ Faster performance in general.
Nerd Alert
![Page 56: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/56.jpg)
When to Use the ALB
‣ When running any HTTP-based service.
‣ When using WebSockets with a load balancer.
‣ When using Docker, especially with EC2 Container Service.
![Page 57: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/57.jpg)
When to Use the Classic ELB
‣ You need OSI Layer 4 routing (i.e. a raw TCP or SSL listener). Note that the Classic ELB has no UDP listener either; neither load balancer forwards UDP.
‣ Your app listens on a protocol other than HTTP.
![Page 58: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/58.jpg)
Alternatives to the ALB/ELB
‣ Set up your own load balancer using Nginx or HAProxy.
‣ But this means you need to build auto-scaling, auto-failover, automated DNS updates, configure metrics, configure logging, manage upgrades, and a few more items.
‣ Conclusion: don’t do this unless you have to.
![Page 59: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/59.jpg)
Recent Updates to EC2 Container Service (ECS)
![Page 60: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/60.jpg)
The Big Idea
Hi, I’m an EC2 Instance!
![Page 61: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/61.jpg)
The Big Idea
I can offer you resource isolation.
And I can be launched in just minutes!
![Page 62: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/62.jpg)
Limitations of a VM
But minutes could be an eternity.
If deploying multiple times a day,we’re just waiting for VMs to launch.
Building an Amazon Machine Imagealso takes on the order of minutes.
![Page 63: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/63.jpg)
Limitations of a VM
And I can’t run that AMI locally.
If I want to run the same “Golden Image” locally, I’m out of luck.
![Page 64: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/64.jpg)
Sometimes a single app uses a tiny portion of available resources.
Mem Usage: 12%
CPU Usage: 7%
![Page 65: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/65.jpg)
So it’d be nice if we could pack multiple apps in a single EC2 Instance.
Mem Usage: 85%, CPU Usage: 90% (App 1, App 2 and App 3 packed onto one instance)
![Page 66: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/66.jpg)
Introducing Docker
![Page 67: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/67.jpg)
Why developers love containers.
‣ A container is just an isolated OS process, so it runs directly on your EC2 Instance.
‣ It’s similar to a “lightweight VM” and can start in milliseconds. (Security caveat: containers share the host kernel, so the isolation boundary is weaker than a VM’s; a kernel bug or a privileged container can reach the host and every other container on it.)
‣ You can run multiple containers on a single EC2 Instance.
‣ You can run the same docker image on any platform.
‣ You can download pre-built docker images for almost all common software.
![Page 68: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/68.jpg)
So we want to run our apps as containers.
‣ But we don’t want to run containers on just a single EC2 Instance.
If I go down, I’m taking all apps with me!
![Page 69: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/69.jpg)
We want to run multiple containers across multiple EC2 Instances.
![Page 70: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/70.jpg)
But running a “docker cluster” is hard. We need…
‣ A way to bootstrap the cluster
‣ A container scheduler
‣ A service discovery solution
‣ Load balancing to containers
‣ Auto-restart of failed containers
‣ Cluster-wide metrics
![Page 71: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/71.jpg)
There are multiple options to solve this problem today.
![Page 72: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/72.jpg)
But my favorite solution is Amazon EC2 Container Service (ECS)
Amazon EC2 Container Service
![Page 73: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/73.jpg)
Benefits of ECS
‣ Built-in cluster bootstrapping
‣ Built-in scheduler (with ability to use a custom scheduler)
‣ Built-in service discovery
‣ Built-in load balancer (ALB)
‣ Built-in auto-restart on failed containers
‣ NEW! Auto-scale your service
‣ NEW! Fine-grained AWS permissions on your service
![Page 74: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/74.jpg)
What’s Missing from ECS
‣ Service-to-service authentication
‣ Running background jobs within the cluster (you can still do this with Lambda functions run on cron schedules, though)
‣ DNS namespacing
‣ Built-in persistent volumes
‣ Built-in support for log aggregation (on services other than CloudWatch Logs)
![Page 75: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/75.jpg)
Then why is it my favorite?
‣ Because most teams don’t need those features.
‣ If you’re ok with the limitations, ECS is easier to setup than anything else.
‣ The new ALB plus the new features we’ll talk about make this even more compelling.
![Page 76: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/76.jpg)
ECS Terminology
![Page 77: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/77.jpg)
ECS Cluster
![Page 78: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/78.jpg)
ECS Instance
![Page 79: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/79.jpg)
ECS Task
![Page 80: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/80.jpg)
ECS Task Definition
Declares what kind of ECS Task should be run (e.g. docker run properties).
![Page 81: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/81.jpg)
ECS Service
![Page 82: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/82.jpg)
One other quick review…
![Page 83: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/83.jpg)
EC2 Instances get permissions to AWS Resources via IAM Roles.
EC2 Instance
Authenticates to AWS via IAM Role
![Page 84: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/84.jpg)
EC2 Instances get permissions to AWS Resources via IAM Roles.
EC2 Instance
S3 Bucket
![Page 85: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/85.jpg)
New features in ECS
![Page 86: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/86.jpg)
Feature #1: IAM Role for ECS Tasks
![Page 87: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/87.jpg)
IAM Roles for EC2 Instances
Previously, ECS Tasks could only get permission to other AWS resources (e.g. a file in S3) by using the IAM Role of the ECS Instance.
![Page 88: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/88.jpg)
IAM Roles for EC2 Instances
This meant that the BLUE and YELLOW app both got the same AWS permissions: both ran under the ECS Instance IAM Role.
![Page 89: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/89.jpg)
IAM Roles for ECS Tasks
With IAM Roles for ECS Tasks, now each ECS Task can get its own IAM Role!
![Page 90: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/90.jpg)
IAM Roles for ECS Tasks
This means that each ECS Task can have its own set of permissions to other AWS resources (e.g. one task’s role grants Bucket A, the other’s grants Bucket B).
![Page 91: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/91.jpg)
How It Works
‣ When we create an ECS Task Definition, we can now specify a Task Role (taskRoleArn). The ECS agent hands each container temporary credentials for that role through a local endpoint (the AWS SDKs find it via the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable), so no keys are baked into the image.
‣ Caveat: a container can still reach the EC2 instance metadata endpoint (169.254.169.254) and pull the ECS Instance’s role credentials unless you block that route on the host (the ECS documentation recommends an iptables rule for this). Keep the instance role minimal and block metadata access from containers, or the task role buys you little.
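The before/after picture from the last few slides, as an added example (not code from the deck or from AWS): the trust policy a task role needs, a per-bucket permissions policy, a task definition carrying taskRoleArn, and a deliberately simplified IAM evaluator that shows what the BLUE and YELLOW tasks can read with a shared instance role versus their own task roles. The account id, bucket names, role names and image are placeholders.

```python
"""Added example (not code from the deck or from AWS): the documents behind
"IAM Roles for ECS Tasks" and a tiny, deliberately simplified IAM evaluator
that shows what each task can reach before and after.  The account id,
bucket names, role names and image are placeholders."""
import fnmatch

ACCOUNT_ID = "123456789012"   # placeholder


def trust_policy_for_ecs_tasks():
    """Who may assume a task role: the ECS tasks service principal.  This is
    ecs-tasks.amazonaws.com, not ec2.amazonaws.com as for an instance role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ecs-tasks.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def s3_read_policy(bucket):
    """Read-only access to exactly one bucket: list the bucket, get its objects."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:ListBucket",
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow", "Action": "s3:GetObject",
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


def task_definition(family, image, role_name):
    """Minimal ECS task definition.  taskRoleArn is the new field; the ECS
    agent serves that role's temporary credentials to the container from a
    local endpoint (169.254.170.2) that the AWS SDKs locate through the
    AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable.  Block
    169.254.169.254 from containers on the host, or they can still read the
    instance role's credentials."""
    return {
        "family": family,
        "taskRoleArn": f"arn:aws:iam::{ACCOUNT_ID}:role/{role_name}",
        "containerDefinitions": [{
            "name": family,
            "image": image,
            "memory": 256,
            "essential": True,
            # hostPort 0: let ECS pick a dynamic host port (pairs with ALB target groups)
            "portMappings": [{"containerPort": 8000, "hostPort": 0}],
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource):
    """Simplified IAM decision: an explicit Deny wins, otherwise any matching
    Allow grants, otherwise the default is deny.  '*' and '?' wildcards as in IAM."""
    allowed = False
    for stmt in policy["Statement"]:
        hits = (any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
                and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])))
        if not hits:
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def access_matrix(task_policies, buckets):
    """{task: {bucket: can it read an object in that bucket?}}"""
    return {
        task: {b: is_allowed(pol, "s3:GetObject", f"arn:aws:s3:::{b}/secret.txt") for b in buckets}
        for task, pol in task_policies.items()
    }


BUCKETS = ("bucket-a", "bucket-b")

# Before task roles: every container inherits the ECS Instance role, which
# therefore has to carry the union of everything any task on that host needs.
INSTANCE_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": s3_read_policy("bucket-a")["Statement"] + s3_read_policy("bucket-b")["Statement"],
}
BEFORE = {"blue": INSTANCE_ROLE_POLICY, "yellow": INSTANCE_ROLE_POLICY}

# After: one role per task, each scoped to its own bucket.
AFTER = {"blue": s3_read_policy("bucket-a"), "yellow": s3_read_policy("bucket-b")}

if __name__ == "__main__":
    print(access_matrix(BEFORE, BUCKETS))
    print(access_matrix(AFTER, BUCKETS))
    print(task_definition("blue", "example/blue:1.0", "blue-task-role")["taskRoleArn"])
```

The evaluator ignores conditions, principals and the case-insensitivity of action names; it exists only to make the union-of-permissions problem concrete. A task role is the same idea as an instance role one level down: the same short-lived STS credentials, just scoped to a task instead of to every container on the host.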
![Page 92: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/92.jpg)
Feature #2: ECS Service Auto-Scaling
![Page 93: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/93.jpg)
ECS Service Auto-Scaling
Previously, we could auto-scale the ECS Instances but not the ECS Tasks.
This meant that we could not auto-scale an ECS Service without lots of hackery.
![Page 94: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/94.jpg)
ECS Service Auto-Scaling
Now we can!
![Page 95: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/95.jpg)
ECS Service Auto-Scaling
We define Scaling Policies just like with classic Auto Scaling.
![Page 96: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/96.jpg)
We Scale on Just Two Metrics
‣ CPUUtilization
‣ MemoryUtilization
Each is defined as: Total CPU/Memory In Use ÷ Total CPU/Memory Reserved (by the service’s tasks)
![Page 97: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/97.jpg)
Feature #3: EC2 Container Registry (ECR)
![Page 98: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/98.jpg)
When you work with Docker, you need a place to store your Docker images.
‣ Classic Docker build pipeline example: Git Commit to Master Branch → Build Docker Image → Push to Docker Registry
![Page 99: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/99.jpg)
There are a few options for the Docker Registry
‣ Docker Hub
‣ Quay.io by CoreOS
‣ Artifactory by JFrog
![Page 100: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/100.jpg)
But there are some challenges.
‣ Docker Hub can sometimes be slow or unreliable.
‣ Authenticating to any solution means you have to store the credentials somewhere.
‣ Download speeds and proximity to the service make a difference.
![Page 101: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/101.jpg)
So Amazon has released EC2 Container Registry (ECR)
Amazon EC2 Container Registry
![Page 102: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/102.jpg)
ECR Features
‣ Fully managed by Amazon
‣ Relatively fast
‣ Accessible by a typical docker client
‣ Integrated with IAM Policies and IAM Users (the docker client logs in with a short-lived token derived from your IAM credentials, so there is no long-lived registry password to store)
![Page 103: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/103.jpg)
ECR Limitations
‣ You can only store up to 1,000 images per docker repo.
‣ Pricing model requires you cull your unused docker images from the ECR repo.
‣ No hosting of public docker images.
‣ Docker repo names can be awkwardly long.
![Page 104: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/104.jpg)
But I still prefer ECR.
‣ One less vendor to deal with.
‣ One integrated security model.
‣ Repo limits are probably appropriate.
‣ Not hosting public repos gives clear separation of public and private repos.
![Page 105: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/105.jpg)
Kinesis Analytics
![Page 106: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/106.jpg)
Big Idea
‣ As companies grow, they eventually evolve out of the monolithic app and into a microservices architecture.
Microservice A Microservice B
![Page 107: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/107.jpg)
‣ Usually, companies will start with two microservices.
‣ Then they’ll keep factoring out monolithic code into more and more microservices.
![Page 108: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/108.jpg)
‣ Eventually, teams will want an individual microservice to publish an event stream.
![Page 109: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/109.jpg)
‣ This way Microservice B can do something when Microservice A publishes a certain event.
![Page 110: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/110.jpg)
‣ But if we have n services, and each service reads the event stream of the other n - 1 services, we have n(n - 1) connections, which grows quadratically:
![Page 111: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/111.jpg)
YUCK!
![Page 112: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/112.jpg)
‣ What if instead all services published their event streams to a central service.
‣ And all services read event streams from that same central service.
![Page 113: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/113.jpg)
‣ Now we have n connections, which is manageable!
![Page 114: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/114.jpg)
‣ These are the insights that LinkedIn had around 2011 when it wrote Apache Kafka.
‣ The central “event publishing service” would need to be:
‣ scalable
‣ resilient
‣ temporarily persist data to support consumers that go down
‣ not lose any data, even as data volume surges
![Page 115: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/115.jpg)
‣ The details are published in an epic blog post by LinkedIn engineer and Kafka author Jay Kreps:
![Page 116: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/116.jpg)
‣ It turns out the concept of a scalable, performant, resilient centralized event stream can apply to lots of domains!
‣ IoT events
‣ Logging events
‣ Social media clickstreams
‣ Basically, any real-time data source
![Page 117: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/117.jpg)
‣ But running a Kafka cluster is highly non-trivial.
‣ So AWS built a managed service around the same design as Kafka:
Amazon Kinesis Streams
![Page 118: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/118.jpg)
‣ At re:Invent 2014, Amazon shared a wicked cool example of how Major League Baseball was tracking data from the field and using it to generate stats, visualizations, and more:
![Page 119: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/119.jpg)
‣ Here’s an excerpt from their architecture.
![Page 120: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/120.jpg)
‣ But what happens after the data gets into Kinesis?
Amazon Kinesis
?
![Page 121: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/121.jpg)
‣ The answer is that we can have Kinesis Consumers that periodically read the data.
Amazon Kinesis
Me Want Moar Data!
![Page 122: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/122.jpg)
‣ The consumer can then do anything with it
‣ Store it in S3 for later retrieval.
‣ Store it in RedShift for later querying.
‣ Store it in a relational database.
‣ Or any other custom operation.
![Page 123: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/123.jpg)
‣ Previously, we had to write our own custom worker to do any processing.
![Page 124: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/124.jpg)
‣ But what if we just want to query windows of incoming data and write it to a database? Isn’t that pretty common?
![Page 125: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/125.jpg)
‣ But now we don’t have to!
‣ That’s why Amazon has introduced:
Amazon Kinesis Analytics
![Page 126: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/126.jpg)
Input - Query - Output
‣ Inputs
‣ Streaming Data Sources: Kinesis Streams, Kinesis Firehose
‣ Reference Data Source: Data in S3
‣ Query
‣ Write ANSI SQL against the data stream
‣ Outputs
‣ S3
‣ Redshift
‣ Kinesis Firehose (-> Amazon Elasticsearch)
‣ Kinesis Streams
![Page 127: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/127.jpg)
Core Features
‣ Use Standard SQL to query data streams.
‣ Kinesis will inspect your data stream and automatically create a baseline schema against which you can write your queries.
‣ Built-in live SQL editor to test queries against live data.
‣ Pre-written queries for common use cases.
‣ Query continuously, by Tumbling Windows, or Sliding Windows.
![Page 128: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/128.jpg)
Let’s combine it all in a sample architecture!
![Page 129: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/129.jpg)
Business Problem
‣ Ice Cream shop
‣ IoT Enabled
‣ We track weight of each tub of ice cream continuously as a way to know in real-time how much ice cream we need to order.
‣ Our customer wants a slick real-time dashboard of everything.
![Page 130: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/130.jpg)
Architecture
IoT Weight Monitors
Kinesis Streams
Kinesis Analytics
S3 Bucket
ECS Cluster
App to Query S3 Data and return Dashboard data
App that serves static assets for a Single-Page App
ALB
Users get dashboard updates with WebSockets
RDS PostgreSQL
![Page 131: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/131.jpg)
Caveats
‣ If you had a low enough volume of data, you could just have your sensors write directly to RDS Postgres and reduce lots of cost and complexity.
‣ But if you have enough data volume that you need the power of Kinesis, then this architecture makes sense.
‣ Querying S3 for real-time data is probably a bad idea, so it may make more sense to write a worker to read from S3 and write data to RDS Postgres or to use Redshift.
‣ Serving a static web app from an ECS app isn’t bad, but using S3 (+ CloudFront) is more efficient (but also more complex to set up).
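Kinesis Analytics expresses the windowed queries from the Core Features slide in SQL. As an added example written for this page (not code from the talk, from Gruntwork or from AWS), the following Python reproduces tumbling and sliding window semantics over constructed tub-weight readings for the ice cream shop, so the two window types can be compared on the same data, and derives the one row the dashboard actually cares about: which tubs are emptying fast enough to reorder. Timestamps, tub names, weights, window sizes and the reorder threshold are all constructed; where the rows would go (RDS Postgres, Redshift) is left to the caveats above.

```python
"""Tumbling vs. sliding windows over a stream of ice cream tub-weight readings.

Added example for this page; not code from the talk, from Gruntwork or from AWS.
Kinesis Analytics runs such queries as SQL; this reproduces the window semantics
in plain Python on constructed data so the two window types can be compared.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Reading:
    ts: int       # seconds since stream start (constructed)
    tub: str
    grams: int


# Constructed sample: two tubs, one reading each every 10 seconds for a minute.
SAMPLE: List[Reading] = [
    Reading(0, "vanilla", 5000), Reading(0, "chocolate", 6000),
    Reading(10, "vanilla", 4900), Reading(10, "chocolate", 5950),
    Reading(20, "vanilla", 4700), Reading(20, "chocolate", 5900),
    Reading(30, "vanilla", 4650), Reading(30, "chocolate", 5800),
    Reading(40, "vanilla", 4200), Reading(40, "chocolate", 5750),
    Reading(50, "vanilla", 4100), Reading(50, "chocolate", 5700),
]


def tumbling_consumption(readings: List[Reading], size: int) -> Dict[Tuple[int, str], int]:
    """Fixed, non-overlapping windows [k*size, (k+1)*size).

    Emits one row per (window_start, tub): grams consumed inside that window,
    i.e. first reading minus last reading. Each event lands in exactly one window.
    """
    first: Dict[Tuple[int, str], int] = {}
    last: Dict[Tuple[int, str], int] = {}
    for r in sorted(readings, key=lambda x: x.ts):
        key = ((r.ts // size) * size, r.tub)
        first.setdefault(key, r.grams)
        last[key] = r.grams
    return {key: first[key] - last[key] for key in sorted(first)}


def sliding_consumption(readings: List[Reading], size: int) -> List[Tuple[int, str, int]]:
    """Trailing window (ts - size, ts] re-evaluated on every event.

    Emits one row per input reading: grams consumed by that tub over the
    trailing `size` seconds. Events contribute to several overlapping windows.
    """
    history: Dict[str, List[Reading]] = defaultdict(list)
    rows: List[Tuple[int, str, int]] = []
    for r in sorted(readings, key=lambda x: x.ts):
        window = history[r.tub]
        window.append(r)
        while window[0].ts <= r.ts - size:   # evict readings that fell out of the window
            window.pop(0)
        rows.append((r.ts, r.tub, window[0].grams - r.grams))
    return rows


def reorder_alerts(readings: List[Reading], size: int, threshold: int) -> List[str]:
    """Tubs whose consumption in any trailing window exceeded `threshold` grams:
    the kind of row the dashboard would push to users."""
    hot = {tub for _, tub, used in sliding_consumption(readings, size) if used > threshold}
    return sorted(hot)


if __name__ == "__main__":
    for key, used in tumbling_consumption(SAMPLE, 30).items():
        print("tumbling", key, used)
    for row in sliding_consumption(SAMPLE, 20):
        print("sliding", row)
    print("reorder:", reorder_alerts(SAMPLE, 20, 400))
```

Run it and the difference is visible in the row counts: the 30-second tumbling query yields four rows for twelve readings (two windows times two tubs), while the 20-second sliding query yields twelve, one per event, because every event re-evaluates its own trailing window. That is also why a sliding query is the right shape for a "reorder now" alert and a tumbling query is the right shape for a periodic summary written to a database.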
![Page 132: New AWS Services](https://reader033.vdocument.in/reader033/viewer/2022050613/58758bb11a28ab901c8b5cb7/html5/thumbnails/132.jpg)
Thank you!
Want to keep up with the latest news on DevOps, AWS, software infrastructure, and Gruntwork?
http://www.gruntwork.io/newsletter/